Last Updated: December 2024

1. Introduction

Smart Diet OÜ (registry code: 14295370, address: Heinamaa tee 19, Viimsi 74019, Estonia) (“MintyFit,” “we,” “our,” or “us”) operates the MintyFit digital nutrition service available at mintyfit.com and my.mintyfit.com (the “Platform”).

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Platform or services. We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Estonian data protection laws, including the Personal Data Protection Act.

By creating an account and using our Platform, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal data as described herein. If you do not agree with this Privacy Policy, please do not use our services.

2. Data Controller

Smart Diet OÜ is the data controller responsible for processing your personal data. You can contact us at:

Smart Diet OÜ
Registry Code: 14295370
Address: Heinamaa tee 19, Viimsi 74019, Estonia
Email: info@mintyfit.com
Phone: +372 679 8600

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide Directly

  • Account Information: Name, email address, username, password
  • Social Media Login: Login information from social media platforms (if you choose to use social login such as Google or Facebook)
  • Contact Information: Email address, phone number (if provided)
  • Physical Characteristics: Age, gender, height, weight, body measurements
  • Health and Nutrition Information: Dietary preferences, food allergies and intolerances, nutrition goals, activity level and exercise data, health-related information relevant to nutrition planning
  • Payment Information: Billing details (processed securely by Stripe, our payment processor)
  • Communications: Messages you send us, feedback, survey responses, complaint submissions

3.2 Automatically Collected Information

  • Usage Data: Pages viewed, features used, time spent on Platform, interaction with meal plans and recipes, navigation patterns
  • Technical Data: IP address, browser type and version, device type, operating system, language preferences, time zone settings
  • Cookies and Similar Technologies: Please see our separate Cookie Policy

3.3 Information from Third Parties

  • Payment processing information from Stripe (our secure payment processor)
  • Authentication data if you register using third-party services (e.g., Google, Facebook)

3.4 Family Plan Information

If you use our family plan feature, you may share your data with other family members who have your permission. Other family members on the plan can see data you choose to share with them.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Purpose | Legal Basis
Providing nutrition services and personalized meal plans | Performance of contract (GDPR Art. 6(1)(b))
Processing health data for nutrition planning | Explicit consent (GDPR Art. 9(2)(a))
Customer support and communication | Performance of contract (GDPR Art. 6(1)(b))
Payment processing | Performance of contract (GDPR Art. 6(1)(b))
Marketing communications | Consent (GDPR Art. 6(1)(a))
Platform improvement and analytics | Legitimate interest (GDPR Art. 6(1)(f))
Legal compliance and fraud prevention | Legal obligation (GDPR Art. 6(1)(c))
Security and technical operations | Legitimate interest (GDPR Art. 6(1)(f))

5. How We Use Your Personal Data

We use your personal data for the following purposes:

5.1 Service Delivery

  • Creating and managing your account and subscription
  • Generating personalized nutrition plans and meal recommendations
  • Tracking your progress toward nutrition and health goals
  • Providing customer support and processing complaints

5.2 Communication

  • Sending service-related notifications
  • Responding to inquiries and support requests
  • Sending marketing communications about our services (you can unsubscribe at any time)
  • Conducting surveys to improve our services

Important: We only market our own services. We never sell your personal data to third parties for their marketing purposes.

5.3 Payment and Administration

  • Processing subscription payments securely through Stripe
  • Managing billing, invoices, and refunds (including our 14-day money-back guarantee)
  • Processing gift card purchases and redemptions
  • Preventing payment fraud

5.4 Service Improvement

  • Analyzing usage patterns to enhance user experience
  • Developing new features, recipes, and meal plans
  • Creating anonymous, aggregated data for research purposes

5.5 Legal Compliance

  • Complying with Estonian and EU legal obligations
  • Protecting against fraud, abuse, and unauthorized access
  • Enforcing our Terms of Service and resolving disputes

6. Sharing Your Personal Data

We do not sell your personal data to third parties. We share your data only in these limited circumstances:

6.1 Service Providers

We work with trusted third-party service providers under strict confidentiality agreements:

  • Stripe: Secure payment processing
  • Cloud Hosting: Data storage within the European Union
  • Email Services: Service notifications and marketing communications
  • Analytics: Google Analytics, Facebook Analytics (anonymized where possible)

All service providers process data only according to our instructions and applicable data protection laws.

6.2 Family Plan Sharing

If you use our family plan, you may grant permission for other family members to view your data. You control these permissions and can revoke them at any time.

6.3 Anonymous Data

We may share anonymous, aggregated data that cannot identify you for marketing materials, research, and service improvement.

6.4 Legal Requirements

We may disclose your data when required by law or to:

  • Comply with legal processes (court orders, government requests)
  • Protect our rights, property, or safety
  • Investigate fraud or security issues
  • Respond to Consumer Protection Board complaints

6.5 Business Transfers

If Smart Diet OÜ is merged, acquired, or sells its assets, your data may be transferred to the acquiring entity. We will notify you via email of any such change.

6.6 With Your Consent

We may share your data with other parties when you have given explicit consent.

7. International Data Transfers and Storage

7.1 Data Storage Location

Your personal data is stored on secure servers located within the European Union. We prioritize keeping your data within the EU/EEA to ensure the highest level of data protection under GDPR.

7.2 Transfers Outside the EU/EEA

In limited cases, we may transfer data outside the EU/EEA (for example, when using certain analytics or service providers with global operations). When such transfers occur, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission
  • Adequacy Decisions: For countries deemed by the European Commission to provide adequate data protection
  • Additional Security Measures: Encryption, access controls, and regular security assessments

7.3 Your Rights Regarding Transfers

You have the right to obtain information about:

  • Which of your data is transferred outside the EU/EEA
  • To which countries and recipients
  • What safeguards are in place

To exercise this right or obtain copies of the safeguards we use, please contact us at info@mintyfit.com.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained for the duration of your active account and up to 3 years after account closure
  • Health and Nutrition Data: Retained while your account is active and up to 1 year after account closure
  • Payment Records: Retained for 7 years to comply with Estonian accounting requirements
  • Marketing Data: Retained until you withdraw consent or 3 years of inactivity
  • Technical Logs: Typically retained for 12 months

After the retention period, we securely delete or anonymize your data.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

9.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation about whether we process your personal data and to access that data.

9.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure / “Right to be Forgotten” (Art. 17 GDPR)

You can request deletion of your personal data when:

  • Data is no longer necessary for the purposes collected
  • You withdraw consent (where processing was based on consent)
  • You object to processing and no overriding legitimate grounds exist
  • Data was unlawfully processed
  • Legal obligation requires deletion

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request restriction of processing when:

  • You contest the accuracy of the data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

9.5 Right to Data Portability (Art. 20 GDPR)

You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

9.6 Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR)

You have the right not to be subject to decisions based solely on automated processing that produces legal effects or similarly significant effects.

9.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

9.9 Right to Lodge a Complaint

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate:

  • Address: Tatari 39, 10134 Tallinn, Estonia
  • Email: info@aki.ee
  • Phone: +372 627 4135
  • Website: www.aki.ee

Or with your local EU supervisory authority.

10. How to Exercise Your Rights

To exercise any of your rights, please contact us at:

Email: info@mintyfit.com
Written Request: Smart Diet OÜ, Heinamaa tee 19, Viimsi 74019, Estonia

We will respond to your request within 30 days. In complex cases, we may extend this period by another 60 days and will inform you of the extension.

To verify your identity, we may request additional information. This is a security measure to ensure data is not disclosed to unauthorized persons.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

11.1 Technical Measures

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication mechanisms
  • Regular security updates and patches
  • Firewalls and intrusion detection systems

11.2 Organizational Measures

  • Access controls and authorization procedures
  • Employee training on data protection
  • Data processing agreements with service providers
  • Regular security assessments
  • Incident response procedures

Despite our efforts, no method of transmission or storage is 100% secure. If you suspect unauthorized access to your account, please contact us immediately.

We process special categories of personal data (health data) under GDPR Article 9, including information about:

  • Dietary restrictions related to health conditions
  • Allergies and food intolerances
  • Medical conditions affecting nutrition

This processing is based on your explicit consent. You can withdraw consent at any time, but this may affect our ability to provide personalized nutrition services.

13. Children’s Privacy and Age Requirement

13.1 Age Requirement

Our Platform and services are intended only for individuals who are at least 18 years old. You must be 18 or older to create an account and use MintyFit.

By creating an account, you represent and warrant that:

  • You are at least 18 years of age
  • You have the legal capacity to enter into a binding agreement
  • All information you provide is accurate and truthful

13.2 No Collection from Minors

We do not knowingly collect, use, or store personal data from individuals under 18 years of age. If you are under 18, do not:

  • Create an account or use our services
  • Provide any personal information through our Platform
  • Access our nutrition plans or other content

13.3 Parental Notice

If you are a parent or guardian and believe that your child under 18 has provided personal data to MintyFit, please contact us immediately at info@mintyfit.com. We will take prompt steps to:

  • Verify the child’s age
  • Delete all personal data associated with the account
  • Terminate the account

13.4 Age Verification

We may request additional verification of your age if we have reason to believe you may be under 18 years old.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through:

  • Email notification to registered users
  • Prominent notice on our Platform
  • Updated “Last Updated” date

Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

15. Links to Third-Party Websites

Our Platform may contain links to third-party websites or services not controlled by MintyFit. This Privacy Policy does not apply to such third-party sites. We encourage you to review their privacy policies before providing any personal data.

16. Direct Marketing and Communications

16.1 Marketing Communications

With your consent (given when you create an account), we may send you:

  • New features and service updates
  • Personalized nutrition tips and content
  • New recipes and meal plan options
  • Special offers and promotions

We only market our own MintyFit services. We never sell your email address or personal data to other companies.

16.2 Unsubscribe

You can unsubscribe from marketing emails at any time:

  • Click “unsubscribe” at the bottom of any marketing email
  • Adjust preferences in your account settings
  • Email info@mintyfit.com with “Unsubscribe” in the subject line

We process opt-out requests within 5 business days.

16.3 Essential Communications

Even if you unsubscribe from marketing, you will still receive essential communications:

  • Account notifications and transaction confirmations
  • Password reset emails
  • Responses to your support inquiries
  • Important service updates and security notices

These cannot be opted out of while you maintain an active account.

17. Legal Compliance

17.1 Data Protection Authority

The Estonian Data Protection Inspectorate supervises compliance with data protection laws in Estonia.

17.2 Accounting Records

Payment and transaction records are retained for 7 years in accordance with Estonian Accounting Act requirements.

18. Contact Us

If you have questions, concerns, requests, or complaints regarding this Privacy Policy or our data processing practices, please contact us:

Smart Diet OÜ
Email: info@mintyfit.com
Phone: +372 679 8600
Address: Heinamaa tee 19, Viimsi 74019, Estonia
Registry Code: 14295370

Response Times:

  • General questions: 3-5 business days
  • Data protection requests: 30 days (may be extended to 60 days for complex requests)
  • Complaints: 15 days

What to Include in Your Request:

  • Your full name and registered email address
  • Description of your request
  • Relevant account details (order number, if applicable)

Complaints: If you are not satisfied with our response, you have the right to:

  • File a complaint with the Estonian Data Protection Inspectorate: Tatari 39, 10134 Tallinn, Estonia | Email: info@aki.ee | Phone: +372 627 4135 | Website: www.aki.ee
  • Contact the Estonian Consumer Protection Board
  • Seek resolution through Estonian courts

19. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion)
  • Data Controller: The entity that determines the purposes and means of processing personal data
  • Data Processor: An entity that processes personal data on behalf of the data controller
  • Data Subject: The individual to whom personal data relates
  • Consent: Freely given, specific, informed, and unambiguous indication of agreement
  • GDPR: General Data Protection Regulation (EU) 2016/679

Effective Date: This Privacy Policy is effective as of December 2024.

Company Information:
Smart Diet OÜ
Registry Code: 14295370
Address: Heinamaa tee 19, Viimsi 74019, Estonia
Email: info@mintyfit.com
Phone: +372 679 8600

By creating an account and using MintyFit services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.